<?php
/**
 * 重写生成html表单生成方法.
 * User: paul
 * Date: 2017/1/12 0012
 * Time: 16:00
 */

namespace common\helpers;

use yii\helpers\BaseHtml;

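class Html extends BaseHtml
{
    /**
     * Renders a radio button, optionally wrapped in a label, preceded by an
     * optional hidden "uncheck" field. Overrides BaseHtml::radio() so that the
     * label text is rendered after the input element.
     *
     * @param string $name    the name attribute of the radio input
     * @param bool   $checked whether the radio is checked (cast to bool)
     * @param array  $options tag attributes. These keys are consumed instead of
     *                        being rendered as attributes:
     *                        - value: the value attribute (default '1'; an explicit
     *                          null is kept as-is)
     *                        - uncheck: when set, a hidden input with this value is
     *                          emitted before the radio so the form still submits
     *                          something when the radio is not selected
     *                        - label: text rendered inside a <label> after the input
     *                        - labelOptions: attributes of that <label> (only read
     *                          when 'label' is set)
     * @return string the generated HTML
     */
    public static function radio($name, $checked = false, $options = [])
    {
        $options['checked'] = (bool) $checked;
        $value = array_key_exists('value', $options) ? $options['value'] : '1';

        $hidden = '';
        if (isset($options['uncheck'])) {
            // Hidden field so that a value is submitted even when the radio is not selected.
            $hidden = static::hiddenInput($name, $options['uncheck']);
            unset($options['uncheck']);
        }

        if (!isset($options['label'])) {
            return $hidden . static::input('radio', $name, $value, $options);
        }

        $label = $options['label'];
        $labelOptions = isset($options['labelOptions']) ? $options['labelOptions'] : [];
        unset($options['label'], $options['labelOptions']);

        $input = static::input('radio', $name, $value, $options);

        return $hidden . static::label($input . ' ' . $label, null, $labelOptions);
    }

    /**
     * Generic anti-injection / anti-XSS filter for a whole (possibly nested) array.
     *
     * Applies safeFilterString() to every non-array value, recursing into nested
     * arrays. The array is modified in place; keys are not touched. Anything that
     * is not an array is ignored.
     *
     * @param mixed $arr the array to filter, modified in place
     * @return void
     */
    public static function SafeFilterArr(&$arr)
    {
        if (!is_array($arr)) {
            return;
        }

        foreach ($arr as $key => $value) {
            if (is_array($value)) {
                static::SafeFilterArr($arr[$key]);
            } else {
                $arr[$key] = static::safeFilterString($value);
            }
        }
    }

    /**
     * PCRE patterns whose matches safeFilterString() deletes from its input.
     *
     * The first pattern removes ASCII control characters other than tab, LF and
     * CR. The rest are a case-sensitive substring blocklist of HTML/JS keywords.
     * That list is lossy: any legitimate word containing one of the substrings
     * (e.g. "description" contains "script") is mutilated, and a case-sensitive
     * substring match is not a reliable XSS defence by itself. The actual
     * neutralisation in safeFilterString() comes from strip_tags() and
     * htmlentities(); values must still be escaped for their context
     * (HTML, attribute, JS, URL) at render time.
     *
     * @return string[] regular expressions
     */
    private static function filterPatterns()
    {
        return [
            // Control characters except \t (0x09), \n (0x0a) and \r (0x0d).
            // The class must not contain literal commas: an earlier version wrote
            // "[\x00-\x08,\x0b-\x0c,\x0e-\x19]", which also stripped every ',' from
            // the input (and stopped at 0x19 instead of the last control char 0x1f).
            '/[\x00-\x08\x0b\x0c\x0e-\x1f]/',
            '/script/', '/javascript/', '/vbscript/', '/expression/', '/applet/',
            '/meta/', '/xml/', '/blink/', '/link/', '/style/', '/embed/', '/object/',
            '/frame/', '/layer/', '/title/', '/bgsound/', '/base/',
            '/onload/', '/onunload/', '/onchange/', '/onsubmit/', '/onreset/',
            '/onselect/', '/onblur/', '/onfocus/', '/onabort/', '/onkeydown/',
            '/onkeypress/', '/onkeyup/', '/onclick/', '/ondblclick/', '/onmousedown/',
            '/onmousemove/', '/onmouseout/', '/onmouseover/', '/onmouseup/',
        ];
    }

    /**
     * Generic anti-injection / anti-XSS filter for a single value.
     *
     * Processing order:
     *  1. addslashes() — backslash-escapes ', ", \ and NUL. This is not a
     *     substitute for prepared statements / parameter binding and is kept only
     *     because callers rely on the escaped form.
     *  2. preg_replace() with self::filterPatterns() — deletes control characters
     *     and the keyword blocklist (lossy; see filterPatterns()).
     *  3. strip_tags() then htmlentities() — removes HTML/PHP tags and encodes the
     *     remainder as HTML entities. The result is therefore already escaped for
     *     an HTML text context; escaping it again at output will double-encode.
     *
     * @param mixed $str the value to filter; it is cast to string first
     * @return string the filtered, HTML-entity-encoded value
     */
    public static function safeFilterString($str)
    {
        $str = (string) $str;

        // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in
        // PHP 8.0, where an unconditional call is a fatal "undefined function" error.
        // Only skip addslashes() when an old runtime reports magic quotes as active,
        // so that values are not escaped twice.
        $magicQuotesActive = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        if (!$magicQuotesActive) {
            $str = addslashes($str);
        }

        // Delete control characters and the crude keyword blocklist.
        $str = preg_replace(self::filterPatterns(), '', $str);
        if ($str === null) {
            // preg_replace() signals a PCRE failure (e.g. backtrack limit) with null;
            // the pre-existing behaviour of passing that on amounted to an empty result.
            $str = '';
        }

        // ENT_QUOTES also encodes single quotes (relevant in attribute context) and
        // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
        // Both are the PHP 8.1+ defaults, made explicit here for older runtimes.
        return htmlentities(strip_tags($str), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}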